Designing an Access Control System for Internet of Things

Sammanfattning: For many Internet of Things (IoT) devices security have not been a priority during the development, but what happens if the makers of IoT devices use a secure framework for developing their devices? In this thesis a number of such frameworks have been evaluated for their suitability to build an access control system around. Both Vanadium and Protocol of Things (PoT) were found to be suitable candidates. Both frameworks employ a distributed access control model where the owner of a device can grant other users access to the device by generating a signed authorization. PoT was ultimately chosen as the framework around which to design the prototype access control system because it was deemed to be slightly more suitable than Vanadium. The prototype takes the rule based and discretionary access control model from the underlying framework and makes it possible for administrators to transparently authorize users to devices through role abstractions. Thus it is possible to transparently manage a class of users at the same time instead of having to manage each individual user. Furthermore the prototype is able to do this in a generic way. The prototype does not contain any code of functionality for any specific device it manages, it is capable of managing access to any PoT device. The design and implementation is deemed both scalable and efficient. Running on a single thread it is possible to generate over one thousand signed authorizations per second. In a system where users are granted access to 200 unique device permissions the total file size of the signed authorizations and accompanying meta data does not exceed 150 kB. It takes approximately 70 ms to establish a secure connection between the client and server software. For large data transfers the throughput is approximately 2.6-2.8 MB per second, including encryption and decryption of request and response from the client to the server.